Next step is to add validations to `web/models/user.ex`. Virtual `:password` field will exist in Ecto structure, but not in the database, so we are able to provide password to the model’s changesets and, therefore, validate that field.

```elixir

defmodule MyAppName.User do

# ...

schema "users" do

field :email, :string

field :name, :string

field :phone, :string

field :password, :string, virtual: true # We need to add this row

field :password_hash, :string

field :is_admin, :boolean, default: false

timestamps()

end

# ...

end

```

#### Validations and password hashing

Add `comeonin` dependency to your `mix.exs`

```elixir

#...

def application do

[applications: [:comeonin]] # Add comeonin to OTP application

end

# ...

defp deps do

[

# ...

{:comeonin, "~> 3.0"} # Add comeonin to dependencies

# ...

]

end

```

Now we need to edit `web/models/user.ex`, add validations for `[:email, password]` and integrate password hash generation. Also we need separate changeset functions for internal usage and API registration.

```elixir

defmodule MyAppName.User do

#...

def changeset(struct, params \\ %{}) do

struct

|> cast(params, [:email, :name, :phone, :password, :is_admin])

|> validate_required([:email, :name, :password])

|> validate_changeset

end

def registration_changeset(struct, params \\ %{}) do

struct

|> cast(params, [:email, :name, :phone, :password])

|> validate_required([:email, :name, :phone, :password])

|> validate_changeset

end

defp validate_changeset(struct) do

struct

|> validate_length(:email, min: 5, max: 255)

|> validate_format(:email, ~r/@/)

|> unique_constraint(:email)

|> validate_length(:password, min: 8)

|> validate_format(:password, ~r/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).*/, [message: "Must include at least one lowercase letter, one uppercase letter, and one digit"])

Now we can't get access to /users route without Bearer JWT Token in header. That's why we need to add RegistrationController and SessionController. It's a good time to make commit before further changes.

Let's create RegistrationController. We need to create new file `web/controllers/registration_controller.ex`. Also we need specific `registration_changeset` that we declared before inside of `web/models/user.ex`